If signatures are always separately retrieved and verified when
retrieving the information they authenticate, there will be more
trips to the server and performance will suffer. To avoid this,
security aware servers mitigate that degradation by always attempting
to send the signature(s) needed.
2.3.1 The SIG Resource Record
The syntax of a SIG resource record (signature) is described in
Section 4. It includes the type of the RR(s) being signed, the name
of the signer, the time at which the signature was created, the time
it expires (when it is no longer to be believed), its original time
to live (which may be longer than its current time to live but cannot
be shorter), the cryptographic algorithm in use, and the actual
signature.
Every name in a secured zone will have associated with it at least
one SIG resource record for each resource type under that name except
for glue RRs and delgation point NS RRs. A security aware server
supporting the performance enhanced version of the DNS protocol
security extensions will attempt to return, with RRs retrieved, the
corresponding SIGs. If a server does not support the protocol, the
resolver must retrieve all the SIG records for a name and select the
one or ones that sign the resource record(s) that resolver is
interested in.
RFC 2065 DNS Security Extensions January 1997
2.3.2 Authenticating Name and Type Non-existence
The above security mechanism provides only a way to sign existing RRs
in a zone. "Data origin" authentication is not obviously provided
for the non-existence of a domain name in a zone or the non-existence
of a type for an existing name. This gap is filled by the NXT RR
which authenticatably asserts a range of non-existent names in a zone
and the non-existence of types for the name just before that range.
Section 5 below covers the NXT RR.
2.3.3 Special Considerations With Time-to-Live
A digital signature will fail to verify if any change has occurred to
the data between the time it was originally signed and the time the
signature is verified. This conflicts with our desire to have the
time-to-live field tick down when resource records are cached.
This could be avoided by leaving the time-to-live out of the digital
signature, but that would allow unscrupulous servers to set
arbitrarily long time to live values undetected. Instead, we include
the "original" time-to-live in the signature and communicate that
data in addition to the current time-to-live. Unscrupulous servers
under this scheme can manipulate the time to live but a security
aware resolver will bound the TTL value it uses at the original
signed value. Separately, signatures include a time signed and an
expiration time. A resolver that knows the absolute time can
determine securely whether a signature has expired. It is not
possible to rely solely on the signature expiration as a substitute
for the TTL, however, since the TTL is primarily a database
consistency mechanism and, in any case, non-security aware servers
that depend on TTL must still be supported.
2.3.4 Special Considerations at Delegation Points
DNS security would like to view each zone as a unit of data
completely under the control of the zone owner and signed by the
zone's key. But the operational DNS views the leaf nodes in a zone,
which are also the apex nodes of a subzone (i.e., delegation points),
as "really" belonging to the subzone. These nodes occur in two
master files and may have RRs signed by both the upper and lower
zone's keys. A retrieval could get a mixture of these RRs and SIGs,
especially since one server could be serving both the zone above and
below a delegation point.
In general, there must be a zone KEY RR for the subzone in the
superzone and the copy signed in the superzone is controlling. For
all but one other RR type that should appearing in both the superzone
RFC 2065 DNS Security Extensions January 1997
and subzone, the data from the subzone is more authoritative. To
avoid conflicts, only the KEY RR in the superzone should be signed
=4= |
